Jump to content

Recommended Posts

Not sure what is going on I tried everything (well, that I could think of) . . . any ideas are welcome (hopefully new ones - getting frustrated :/)

if ($mysqli->prepare("INSERT INTO solcontest_entries (title, image,content, user, contest) VALUES ($title, $image, $content, $userid, $contest")) {
$stmt2 = $mysqli->prepare("INSERT INTO `solcontest_entries` (title, image, content, user, contest) VALUES (?, ?, ?, ?, ?)");
$stmt2->bind_param('sssss', $title, $image, $content, $userid, $contest);
$stmt2->execute();
$stmt2->store_result();
$stmt2->fetch();
$stmt2->close();
} else {
			
	die(mysqli_error($mysqli));

}

Error I get from die mysqli_error: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' of the site's lead ad, user_61609201, contest_1' at line 1"

 

I have also tried $mysqli->query no change occured. I added the "if else die" statement because it was giving no errors, but not adding it to the database.

 

It gives the error where $content is supposed to be inserted.

 

Various combos and singles I tried for the variable:

//$content =  cleansafely($_POST['content']);
//$content = mysqli_real_escape_string ($mysqli, $_POST['content']);
//$content = cleansafely($content);
$content = $_POST['content'];

If any more information is needed please let me know.

Share this post


Link to post
Share on other sites

You are preparing the query twice here. Why?

if ($mysqli->prepare("INSERT INTO solcontest_entries (title, image,content, user, contest) VALUES ($title, $image, $content, $userid, $contest")) {
$stmt2 = $mysqli->prepare("INSERT INTO `solcontest_entries` (title, image, content, user, contest) VALUES (?, ?, ?, ?, ?)");

You only need to prepare the query once. The values in a prepared query should be substituted with placeholders. You then use bind_param to bind the values to the placeholders. When you execute the query mysql will use the bound values in place of the placeholders.

 

Your code should be

if ($stmt2 = $mysqli->prepare("INSERT INTO `solcontest_entries` (title, image, content, user, contest) VALUES (?, ?, ?, ?, ?)")) {

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.